What strategies can improve work relations with cybersecurity vendors, particularly during the buying process, and what is essential for maintaining a positive relationship after acquiring the product?

2.4k views2 Upvotes3 Comments

CISO in Finance (non-banking), 10,001+ employees
Scope of work of the product and services must be freezed and discussed in detail with vendors and their buyin must be taken. There has to be clear and transparent communication with the vendors and even if the product has limitations which cannot fulfill the need of the organization. Reasonable time must be given to them to demonstrate their product capabilities and response to the RFPs. Use cases must be discussed and finalized as part of product evaluation to avoid the confusion at later stage and give them fair idea on overall purchase process of the organization. Appropriate feedback must be given after product is evaluated. 3 criteria must be there as part of evaluation which includes quality of the product, security of the product and technical support. Regular review of the solution must be done with vendors after product is implemented and positive and negative aspects must be highlighted. Payment term and conditions must be discussed and freezed. Organization can allow vendor to use as an customer reference depending upon the agreement or consent
Director of IT in Software, 201 - 500 employees
There are few key points and strategies from my experience

- scope of work should be exactly and detailed planned, as well as KPI's to measure achievements of goals
- goals should be set realistic
- during buying process you should have well defined criteria to choose vendor, we usually use weighted scoring table to have it also well documented
- you need to check overall costs (TCO), specially is important how much it will costs you to add additional seats or features for cybersecurity products or services you are buying
- you must check integration possibilities with other solutions or products which might you use
- extremely important is to have well defined support process, path of escalation of problems and issues 
- define process for emergency situation. If you have zero day attack or vulnerability time to react and take necessary measures is critical
- you should have nominated person on vendor's side who is your primary contact for all activities
- you must have regular communications and meetings with vendor to check open topics, problems or issues which might arise, bugs on vendor side etc.
Director of IT in Healthcare and Biotech, 1,001 - 5,000 employees
I'll try to give a pragmatic answer that will hopefully be beneficial to both sides.

Customers - it's helpful to do some homework about the product before any sales calls, RFPs. Review their website or ask for some product materials. It will make for a more meaningful and informed discussion. Be clear about your objectives and business/security challenges you are trying to solve.

Vendors - one common complaint I hear from peers is not listening. There have been many-a-times where a vendor has tried to sell me something without even asking what problems I'm trying to solve. Take time to understand what the customer is looking for. Be honest about what your product can and can't do. How can your product address the specific needs mentioned?

Resellers - the right reseller can really help navigate the buying process, but a bad reseller can make things way more complicated than it needs to be. I've had the privilege to work with some great ones, but also very poor ones as well. The good ones have always invested the time to understand the needs of the customer. The bad ones have usually just tried to push products whether they were suitable or not.

Content you might like




Non-production DBs (Dev, Training, QA, etc.)30%


1.5k views1 Upvote

Very important.31%


Not necessary.5%

Not important at all.1%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.6k views133 Upvotes324 Comments